Starting in June of this year, at least 20 ships navigating through Russian waters on the Black Sea began reporting difficulties with their global positioning systems. Instead of seeing themselves traveling across the Black Sea, located south of Ukraine and north of Turkey, navigators looking at their GPS coordinates instead saw that their ship was located at an airport in the seaside town of Sochi, Russia.

Exactly what caused the confusion remains a mystery though cybersecurity researchers have widely posited that the incident was the result of GPS “spoofing.” This is a kind of interference in which hackers override a legitimate GPS signal with their own falsified signal, then show a ship in a location it’s not. This kind of cyberattack could result in ship collisions, instances where vessels lose their way at sea or other safety hazards.

The risk of such events will grow as ships and other modes of transportation increasingly rely on autonomous GPS technology in favor of traditional forms of navigation. Cargo liner shipping facilitates the trade of more than $4 trillion worth of goods for the U.S. annually, according to the World Shipping Council, presenting a tempting opportunity for cybercriminals hoping to siphon some of that bounty for themselves. Now, as the industry increasingly relies on technology, maritime firms are taking steps to keep the bad guys out of their networks.

“Right now we’re not fully autonomous so it’s not too much of a risk, but it’s certainly going to become more of an issue in the future,” said Dustin Loeffler, associate professor of cybersecurity and information systems at Maryville University and a security consultant to the U.S. government.

Last year, South Korean officials complained to the United Nations that North Korea was launching GPS jamming attacks, which knock out GPS signals, against civilian ships and other targets.

Now, as awareness about digital threats grows, shipowners and maritime organizations are taking steps to protect themselves from malicious outsiders. Commercial shipping, after all, undergirds international trade and keeps much of the world’s economy afloat.

“An over-reliance on GPS and allowing technology to dominate how we do things is the real threat,” said Captain Andrew Soukhanov, the director of maritime cyber at Moran Shipping Agencies Inc. “It’s not necessarily a bad guy, or some hacker, but a failure to understand the technology.”

While GPS has increasingly made navigation easier, captains have sought to mitigate the attached risks by using multiple GPS subscriptions to avoid complete reliance on one mapping service. They also use GPS in addition to more traditional–and hopefully hack-proof–forms of navigation such as radar. Mariners also continue to rely on terrestrial navigation–when navigators factor their ships’ speed, currents and other factors to gauge location–and dead reckoning, which tracks distance in relation to landmarks, to travel.

Jammed By Cargo Theft

Still, thieves have also used GPS interference technology on land to steal cargo when shipping containers are loaded onto transport trucks on land. By jamming GPS signals, criminals and rogue employees can make massive containers invisible to someone watching from behind a screen miles away.

Hijacking cargo in transit is the most common form of theft, according to the 2017 Global Cargo Theft Risk Assessment from Sensitech Inc., a supply chain intelligence center. Typically, groups of six to eight individuals use two or three pickup trucks to track a cargo container and then threaten the driver with a gun. One vehicle then drives off with the cargo unit while the other criminals “take the driver prisoner [and] use jammers to block the GPS satellite signal, and store the merchandise in warehouses for later distribution on the black market,” the report noted.

Such incidents have occurred along the southwestern U.S. border as well as some areas of Europe and South America. A total of 1,088 incidents of cargo theft occurred in Mexico in the third quarter of 2017, according to Sensitech, an increase of 53% over the same period in 2016.

Another analysis determined that there were at least 70 incidents of cargo theft in the U.K. in the first quarter of 2015.

“Shipping is already accustomed to mitigating risks from fire and flooding to piracy,” said Michael Bahar, a partner at the law firm Eversheds Sutherland LLP and the author of a recent advisory on GPS interference. “It’s now just a matter of adding cyber into their current risk management strategies.”

Regulations Sailing on the Horizon

That integration process is already underway. In June of this year the International Maritime Organization, a specialized United Nations agency dedicated to shipping regulations, released new guidelines on maritime cyberrisk management. The recommendations advise shipowners to implement risk control measures, assign cyberrisk responsibilities, prepare backup measures, among a number of other requirements.

Failure to adhere to the regulations by the time enforcement begins on Jan. 1, 2021, could result in ships being detained.

This year also marked the first time the Oil Companies International Marine Forum included cybersecurity in its Tanker Management Safety Assessment. That checklist has become industry standard for oil companies that transport oil product across international seas.

In October, the U.S. House of Representatives passed a bill that requires the Department of Homeland Security to “facilitate increased information sharing about cybersecurity among maritime interests.” Port security preparedness would be a key aspect of any rule of that kind, with maritime security advisers coordinating with port owners, local law enforcement and ship operators to share information about digital threats.
Global shipowners aren’t waiting for regulations to take effect to ensure security plans are in place, Mr. Soukhanov said. When the Moran team travels around the world to consult with shipowners on maritime safety, he said cyberrisk is one of the first items on their to-do list. A number of owners have begun testing their cyber resilience, including testing to assess whether GPS signals can withstand outside interference.

“There is more business scrutiny on cyber than ever, and it’s not just sufficient to secure one area of cyber,” Mr. Soukhanov said. “This is the convergence of business and national security.”

(Jeff Stone writes exclusively for WSJ Pro Cybersecurity. He previously covered privacy, international hacking groups, bug bounties, and a range of related topics at media outlets including the Christian Science Monitor and the International Business Times. Write to Jeff at jeff.stone@wsj.com)